FreshRSS

🔒
△ 🔃
☐ ☆ ✇ The Hacker News

LockBit Ransomware Abuses Windows Defender to Deploy Cobalt Strike Payload

By Ravie Lakshmanan — August 2nd 2022 at 08:07
A threat actor associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation has been observed abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads.  According to a report published by SentinelOne last week, the incident occurred after obtaining initial access via the Log4Shell vulnerability against an unpatched VMware Horizon Server. "Once initial
☐ ☆ ✇ The Hacker News

Malicious IIS Extensions Gaining Popularity Among Cyber Criminals for Persistent Access

By Ravie Lakshmanan — July 27th 2022 at 07:17
Threat actors are increasingly abusing Internet Information Services (IIS) extensions to backdoor servers as a means of establishing a "durable persistence mechanism." That's according to a new warning from the Microsoft 365 Defender Research Team, which said that "IIS backdoors are also harder to detect since they mostly reside in the same directories as legitimate modules used by target
☐ ☆ ✇ The Hacker News

Microsoft Adds Default Protection Against RDP Brute-Force Attacks in Windows 11

By Ravie Lakshmanan — July 25th 2022 at 15:43
Microsoft is now taking steps to prevent Remote Desktop Protocol (RDP) brute-force attacks as part of the latest builds for the Windows 11 operating system in an attempt to raise the security baseline to meet the evolving threat landscape. To that end, the default policy for Windows 11 builds – particularly, Insider Preview builds 22528.1000 and newer – will automatically lock accounts for 10
☐ ☆ ✇ The Hacker News

Microsoft Windows Autopatch is Now Generally Available for Enterprise Systems

By Ravie Lakshmanan — July 12th 2022 at 05:33
Microsoft on Monday announced the general availability of a feature called Autopatch that automatically keeps Windows and Office software up-to-date on enrolled endpoints. The launch, which comes a day before Microsoft is expected to release its monthly round of security patches, is available for customers with Windows Enterprise E3 and E5 licenses. It, however, doesn't support Windows Education
☐ ☆ ✇ The Hacker News

Researchers Warn of Raspberry Robin's Worm Targeting Windows Users

By Ravie Lakshmanan — July 8th 2022 at 18:53
Cybersecurity researchers are drawing attention to an ongoing wave of attacks linked to a threat cluster tracked as Raspberry Robin that's behind a Windows malware with worm-like capabilities.  Describing it as a "persistent" and "spreading" threat, Cybereason said it observed a number of victims in Europe. The infections involve a worm that propagates over removable USB devices containing
❌